I've never seen anything like that on windowsupdate. Microsoft made statements that 'millions were unnecessarily downloading' the patch. I've seen nothing since then on the news from them.
I never thought of that angle. Yes, people are talking about 'the customer needs to patch' - why? The customer doesn't own that copy of IIS. Microsoft does. I would soooooo like to be able to attach a downside to media/software companies maintaining 'ownership' of their products, and liability for their misuse would certainly be a good place to start. Similar to gun manufacturers maybe? If gun manufacturers can be held liable for misuse of their products (not my belief that it's right, but it has happened in court) when the customers own the product, imagine how much easier it should be to attach liability if the company retained ownership of the damaging product?
Very shortly after the beginning of Code Red this ceased to be about server admins. The boxes being infected by these viruses now are home or non-power business users who have IIS enabled by default. Why by default? Because MS doesn't care about security. Why not throw in features most users won't need by default? What's the harm? Oh, we're destroying the stability of global routing? Oopsie.
The majority of the IP addresses spreading these viruses show the default homepage if you go to them. Because the home or casual business users running these boxes DON'T KNOW what IIS is, or that they have it enabled, they DON'T KNOW that they're vulnerable or infected. These are the people that criticalupdate would reach. These are the people that need the patches. By NOT pushing this patch, MS is leaving the situation as it is, and it will never get better. To repeat - security conscious server admins are having their network hammered by this virus not because other server admins are lazy - but because many non server admins have operating systems with IIS enabled by default, and MS is making no attempt at all to reach those people despite the fact that the situation has not improved.
Today windowsupdate told me to install a patch to resolve the "Malformed Data Frame Sent to a Windows 2000 Computer Through an Infrared Port Causes Stop Error". Great. Of course my computer doesn't HAVE an ir port. But MS is pushing this patch. And NOT pushing the limited patches they have for the iis vulnerability that Code Red and others exploited.
Well I think the point to the researchers is just to find out what was causing what they saw. This is what researchers do:) This was not about one router, it was about global routing.
To me, the point of research like this is to point fingers at Microsoft. Microsoft can claim not to have a problem with security all they want. But if it is shown that security vulnerabilities in their system are causing instability in global internet routing, that could provide a way to show liability. Because dammit no software company should be doing anything that could degrade global internet routing.
Currently it's hard to argue in court that a reasonable programmer might not leave some of those vulnerabilities. But if those vulnerabilities were responsible for crippling the net? I think any court would hold that any reasonable programmer would make sure their program can't cripple the internet. Meaning the billions in dollars it costs everyone attached to the net when these viruses spread, not just MS users, could be recovered from MS and give them a real impetus to build security into their systems, which is currently missing. Many of you hold spammers to be responsible when they use your network resources without your permission. Microsoft is doing the same thing by leaving these holes. Why haven't the limited patches they have been pushed by critical update? Why has Microsoft come out in the press to say that millions are unnecessarily downloading these patches in an apparent attempt to dissuade people from downloading the patches? In the same week that critical update kept insisting I download patches for Win2k that are only relevant to servers when I only use my box as a workstation?
I read the post often, I live in DC. Their editorial slant has gotten more and more extreme lately. I would have given them the benefit of the doubt a year ago. But they seemed hell-bent on becoming the mouthpiece of this administration even before this incident. Since? Even the unsigned editorials in the op-ed page have been rank and file in line with a certain ideology. Not one I share. They don't like people getting upset at their editorial slant? Maybe they should go back to unbiased reporting.
'The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.'
Nowhere in the constitution is government given the right to regulate what chemicals enter my body.
This cd isn't encrypted. It's just wildly out of whack with the standard format your cdr drive expects. If it can be played in an audio cd player, this scheme cannot be considered to 'effectively limit access', so it doesn't meet the requirements of the DMCA. Making railing against the acknowledged evils of the DMCA a moot point here.
Your comment was true about the other story, until it was updated. I would suggest you read the links in THIS article that goes to a copy of the EULA which DOES contain this restriction. There seem to be different versions of the EULA.
Anonymous coward, stop thinking balls before brains and check out the facts before you start posting angry comments about penguin worshippers:P
So were those great American heroes, the Dukes of Hazard...
"Making their way,
the only way they know how,
but that's just a little bit more
than the law'll allow"
The problem is that Bill's way is also a "little bit more than the law'll allow". I think it's high time we sicced Roscoe P. Coltrane on him. Without the General Lee Bill's got no chance:)
Every web page is a mix of html and code. An original work of authorship.
Every web page should, therefore, be granted copyright protection.
The inevitable result of this is that portals stop indexing the web and the web ceases to be a useful tool.
The web is a DIFFERENT media than all others before it. It shouldn't be surprising that 18th century laws don't apply to it well.
When Kelly posts an image on his web site he is implicitly GRANTING consent for people to do any of the things they can do with http commands to access it: including viewing the image in a browser, saving it to their hard drive, saving the location, giving the location to their friends (which is why slashdot is allowed to crash other web sites willy nilly), etc. Including being spidered. The web would be nothing if not for the popularity of the portals early on for making the web usable. He wouldn't bother posting his images if the search engines weren't doing what they're doing. Nobody is SELLING his images in competition with him, so nobody is causing him financial loss. One of the reasons the movie companies lost Betamax was that the court held that someone MUST show actual financial loss to be able to request help from the copyright laws. Remember, copyright laws were aimed at publishing houses originally to keep them from stealing from each other. At best Kelly could maybe get a judgement that ditto.com or whoever couldn't show ads on pages with images from other sites, that those sites couldn't profit from other's copyrighted work. Although I would remind you again that all web sites could be considered copyrighted, and that this could be disastrous. Does slashdot profit from others' copyrighted work? Is this illegal theft or online journalism?
If Kelly wants to use the web to post images and grant selective access a variety of technical means exist to allow him to do this, from firewalls to passwords to the simplest robots.txt and meta tag exclusions. If the technical means exist to allow this, I would say that he is obliged to avail himself of those before he can seek remediation. The web was here before Kelly and will be afterwards. If he doesn't want to play by his rules he can take his toys and go home.
User-agent: *
Disallow:/image
Put all image files in the/image directory.
or I would recommend for him:
User-agent: *
Disallow: /
- i don't think he has any 'right' to use the search sites to promote his site if he doesn't consent to them copying his data. Is html code protected by copyright? This would make all search sites illegal, and destroy the internet as a usable resource. So because the consequences would be untenable, we should answer no.
That's all. Meta tags, which you seem to be thinking of, are a pain in the ass, poorly supported, and only worth using if you don't control the domain and can't put up your own robots.txt file.
If I put 10 pizzas on a picnic table with a note saying 'please dont eat my pizza' and leave it there for 3 days - it will be eaten. If I do this ignoring the safe that's right there that I could use to lock them in, then i'm an idiot.
But the net is a public place.... by default the assumption is that anything there can be accessed by anyone else on the net that knows how to query the resource with http requests, even bots. You are 'opt-ing in' to this by publishing your images, text, whatever to the net.
The REAL question is why not put up a robots.txt file telling the robots what files and directories you don't want them to index? ONLY if they ignore this do you need to deal with any of these other issues.
Is that robots.txt has been around for longer than most of you young'uns have been on the net, not something that's being added now. If you don't know how to make a standard web site using standard technology.... too bad.
This seems so absurd to me.... I remember when the hottest programs were ones to get you higher-ranked on the search engines to drive traffic... has concern over ip really overwhelmed a desire for more visitors this much?
Copyright is simply NOT an appropriate guide to IT policy. Society has spent trillions creating technology allowing information to be instantly copied.
Copyright law was created to regulate BOOKS, not ELECTRONS. And it wasn't aimed at individuals, but at publishing houses.
This is why we have absurd situations where publishers claim that the information in buffer memory represents a copy - that streamed audio is creating a copy in fixed tangible form. What copy? Where?
Craziness... And of course we certainly wouldn't want to consider creating a copy to allow indexing by search engines to be fair use would we? Why that would instantly destroy our whole society and open an interdimensional gateway for demons to pour forth and devour our children:)
You can use a little thing called robots.txt - look it up here or here if you don't know what it is.
Allows really useful features like marking given directories, pages, or files off-limits to a specific robot or all robots in general. Boy... a technical solution to a technical problem instead of a new round of lawsuits?
Quickie examples (this is SO simple folks):
User-agent: *
Disallow: /
Boom! No more google telling that horrible world of pirates and thieves about your site. Not many visitors either though....
So maybe you want to exclude just googlebot from your images and image directory with the following:
User-agent: googlebot
Disallow:/image
This will still allow your main pages to be indexed according to your meta keywords, but will disallow any 'napsterization'. Of course since it requires people running sites to do work and understand technology lots of people will probably decided lawsuits are easier.
Robots.txt DOES require you to run your own domain. If you don't, try using meta tags in the head of the html code for a similar effect, but it is harder to implement (must be on each page rather than site wide) and less supported. Info here.
If you spend that much time on the images... spend 5 minutes making a robots.txt file to indicate you don't want them taken by bots. But always consider anything you put on the net as published, if something's private don't put it on the net.
A little thing called robots.txt - look it up here or here if you don't know what it is.
Allows really useful features like marking given directories, pages, or files off-limits to a specific robot or all robots in general. Boy... a technical solution to a technical problem? Who'd a thunk it?
Quickie examples (this is SO simple folks):
User-agent: *
Disallow: /
Boom! No more google telling that horrible world of pirates and thieves about your site. Not many visitors either though....
So maybe you want to exclude just googlebot from your images and image directory with the following:
User-agent: googlebot
Disallow:/image
If you want to do this for multiple directories, you add on more Disallow lines:
User-agent: *
Disallow:/image
Disallow:/cgi-bin/
Now if you put
meta name="robots" content="All,INDEX"
meta name="revisit-after" content="5 days"
in your code to show up high on the search engines, you shouldn't be surprised or upset when you SHOW UP HIGH ON THE SEARCH ENGINES.
Not all robots follow the robots.txt standard, and there's no way of forcing them too. But google does, and that seems to be the big concern here.
Once it is downloaded, WHY would i want it to leave memory?
What advantage is there in scrolling fast, if you can only scroll fast in low res?
Sorry, i prefer downloading a file rather than 'streaming' this jpg to me, a one time wait is worth it.
I REALLYYYYY hope that your app doesn't expect users to be 'logical', cater to user's actual desires, not what you think would be logical. The solution to my download problem to me is obvious, a T3.:)
Just my thought. Actually common sense would say "It's just a movie, relax and enjoy the ride". And I do, but I'm also intrigued by the themes of 'unreality' raised by Matrix, Dark City, 13th Floor, Existenz, and others of that genre.
Since the theme of the whole movie seemed to be 'The world is so f***ed up it has to be fake" I just carried that thought to another level, the level of 'reality' revealed by the plot of the movie. Not saying that it is 'literal truth' (if such a term has any meaning in a literary work), just that I thought it was a neat lens to view the story through, and that it could add another level to the themes and issues raised in the movie. I've always been of the rather post-modern view that the audience's reading of and participation in the telling of the story was just as valid as the author's intention.
The test of a good movie, to me, is when I've seen it 100 times, and then watch it again and come up with a new theory that suddenly re-explains everything. Like when I finally understood the Madonna conversation at the beginning of Reservoir Dogs (metaphor for whole movie, acting like first time thieves gets them hurt).
My latest -
The movie says that it is the first half of the movie that takes place in a 'fake' world. And we buy into it. Look deeper. The evidence is flimsy. In fact, it is more elegant if the second half of the movie takes place in a fake world. The tech that creates a fake world could create either. But wouldn't it be easier to make one sub and a little surroundings versus the entire world? Think about it. Neo lives a boring life in our boring world, then he meets these weird people, takes a pill, weird shit happens, they strap him into a vr chair, and boom, the whole second half of the movie is imaginary. Boring programmer vs. the savior of the world, which is more likely?
Slashdot Mirror
I've never seen anything like that on windowsupdate. Microsoft made statements that 'millions were unnecessarily downloading' the patch. I've seen nothing since then on the news from them.
Can you provide some sources?
I never thought of that angle. Yes, people are talking about 'the customer needs to patch' - why? The customer doesn't own that copy of IIS. Microsoft does. I would soooooo like to be able to attach a downside to media/software companies maintaining 'ownership' of their products, and liability for their misuse would certainly be a good place to start. Similar to gun manufacturers maybe? If gun manufacturers can be held liable for misuse of their products (not my belief that it's right, but it has happened in court) when the customers own the product, imagine how much easier it should be to attach liability if the company retained ownership of the damaging product?
Very shortly after the beginning of Code Red this ceased to be about server admins. The boxes being infected by these viruses now are home or non-power business users who have IIS enabled by default. Why by default? Because MS doesn't care about security. Why not throw in features most users won't need by default? What's the harm? Oh, we're destroying the stability of global routing? Oopsie.
The majority of the IP addresses spreading these viruses show the default homepage if you go to them. Because the home or casual business users running these boxes DON'T KNOW what IIS is, or that they have it enabled, they DON'T KNOW that they're vulnerable or infected. These are the people that criticalupdate would reach. These are the people that need the patches. By NOT pushing this patch, MS is leaving the situation as it is, and it will never get better. To repeat - security conscious server admins are having their network hammered by this virus not because other server admins are lazy - but because many non server admins have operating systems with IIS enabled by default, and MS is making no attempt at all to reach those people despite the fact that the situation has not improved.
Today windowsupdate told me to install a patch to resolve the "Malformed Data Frame Sent to a Windows 2000 Computer Through an Infrared Port Causes Stop Error". Great. Of course my computer doesn't HAVE an ir port. But MS is pushing this patch. And NOT pushing the limited patches they have for the iis vulnerability that Code Red and others exploited.
Explain please how that makes sense?
Well I think the point to the researchers is just to find out what was causing what they saw. This is what researchers do :) This was not about one router, it was about global routing.
To me, the point of research like this is to point fingers at Microsoft. Microsoft can claim not to have a problem with security all they want. But if it is shown that security vulnerabilities in their system are causing instability in global internet routing, that could provide a way to show liability. Because dammit no software company should be doing anything that could degrade global internet routing.
Currently it's hard to argue in court that a reasonable programmer might not leave some of those vulnerabilities. But if those vulnerabilities were responsible for crippling the net? I think any court would hold that any reasonable programmer would make sure their program can't cripple the internet. Meaning the billions in dollars it costs everyone attached to the net when these viruses spread, not just MS users, could be recovered from MS and give them a real impetus to build security into their systems, which is currently missing. Many of you hold spammers to be responsible when they use your network resources without your permission. Microsoft is doing the same thing by leaving these holes. Why haven't the limited patches they have been pushed by critical update? Why has Microsoft come out in the press to say that millions are unnecessarily downloading these patches in an apparent attempt to dissuade people from downloading the patches? In the same week that critical update kept insisting I download patches for Win2k that are only relevant to servers when I only use my box as a workstation?
I read the post often, I live in DC. Their editorial slant has gotten more and more extreme lately. I would have given them the benefit of the doubt a year ago. But they seemed hell-bent on becoming the mouthpiece of this administration even before this incident. Since? Even the unsigned editorials in the op-ed page have been rank and file in line with a certain ideology. Not one I share. They don't like people getting upset at their editorial slant? Maybe they should go back to unbiased reporting.
'The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.'
Nowhere in the constitution is government given the right to regulate what chemicals enter my body.
This cd isn't encrypted. It's just wildly out of whack with the standard format your cdr drive expects. If it can be played in an audio cd player, this scheme cannot be considered to 'effectively limit access', so it doesn't meet the requirements of the DMCA. Making railing against the acknowledged evils of the DMCA a moot point here.
All kinds of answers.... buried at the bottom of the discussion.
Your comment was true about the other story, until it was updated. I would suggest you read the links in THIS article that goes to a copy of the EULA which DOES contain this restriction. There seem to be different versions of the EULA.
:P
Anonymous coward, stop thinking balls before brains and check out the facts before you start posting angry comments about penguin worshippers
So were those great American heroes, the Dukes of Hazard...
:)
"Making their way,
the only way they know how,
but that's just a little bit more
than the law'll allow"
The problem is that Bill's way is also a "little bit more than the law'll allow". I think it's high time we sicced Roscoe P. Coltrane on him. Without the General Lee Bill's got no chance
Every web page is a mix of html and code. An original work of authorship.
Every web page should, therefore, be granted copyright protection.
The inevitable result of this is that portals stop indexing the web and the web ceases to be a useful tool.
The web is a DIFFERENT media than all others before it. It shouldn't be surprising that 18th century laws don't apply to it well.
When Kelly posts an image on his web site he is implicitly GRANTING consent for people to do any of the things they can do with http commands to access it: including viewing the image in a browser, saving it to their hard drive, saving the location, giving the location to their friends (which is why slashdot is allowed to crash other web sites willy nilly), etc. Including being spidered. The web would be nothing if not for the popularity of the portals early on for making the web usable. He wouldn't bother posting his images if the search engines weren't doing what they're doing. Nobody is SELLING his images in competition with him, so nobody is causing him financial loss. One of the reasons the movie companies lost Betamax was that the court held that someone MUST show actual financial loss to be able to request help from the copyright laws. Remember, copyright laws were aimed at publishing houses originally to keep them from stealing from each other. At best Kelly could maybe get a judgement that ditto.com or whoever couldn't show ads on pages with images from other sites, that those sites couldn't profit from other's copyrighted work. Although I would remind you again that all web sites could be considered copyrighted, and that this could be disastrous. Does slashdot profit from others' copyrighted work? Is this illegal theft or online journalism?
If Kelly wants to use the web to post images and grant selective access a variety of technical means exist to allow him to do this, from firewalls to passwords to the simplest robots.txt and meta tag exclusions. If the technical means exist to allow this, I would say that he is obliged to avail himself of those before he can seek remediation. The web was here before Kelly and will be afterwards. If he doesn't want to play by his rules he can take his toys and go home.
Someone else asked about why you have to opt out of robot spidering... you articulated this much better than I was able to.
User-agent: * /image
/image directory.
Disallow:
Put all image files in the
or I would recommend for him:
User-agent: *
Disallow: /
- i don't think he has any 'right' to use the search sites to promote his site if he doesn't consent to them copying his data. Is html code protected by copyright? This would make all search sites illegal, and destroy the internet as a usable resource. So because the consequences would be untenable, we should answer no.
That's all. Meta tags, which you seem to be thinking of, are a pain in the ass, poorly supported, and only worth using if you don't control the domain and can't put up your own robots.txt file.
If I put 10 pizzas on a picnic table with a note saying 'please dont eat my pizza' and leave it there for 3 days - it will be eaten. If I do this ignoring the safe that's right there that I could use to lock them in, then i'm an idiot.
But the net is a public place.... by default the assumption is that anything there can be accessed by anyone else on the net that knows how to query the resource with http requests, even bots. You are 'opt-ing in' to this by publishing your images, text, whatever to the net.
The REAL question is why not put up a robots.txt file telling the robots what files and directories you don't want them to index? ONLY if they ignore this do you need to deal with any of these other issues.
To the best of my knowledge at least, don't know about ditto - anyone have any info on them?
Is that robots.txt has been around for longer than most of you young'uns have been on the net, not something that's being added now. If you don't know how to make a standard web site using standard technology.... too bad.
This seems so absurd to me.... I remember when the hottest programs were ones to get you higher-ranked on the search engines to drive traffic... has concern over ip really overwhelmed a desire for more visitors this much?
Exactly!
:)
Copyright is simply NOT an appropriate guide to IT policy. Society has spent trillions creating technology allowing information to be instantly copied.
Copyright law was created to regulate BOOKS, not ELECTRONS. And it wasn't aimed at individuals, but at publishing houses.
This is why we have absurd situations where publishers claim that the information in buffer memory represents a copy - that streamed audio is creating a copy in fixed tangible form. What copy? Where?
Craziness... And of course we certainly wouldn't want to consider creating a copy to allow indexing by search engines to be fair use would we? Why that would instantly destroy our whole society and open an interdimensional gateway for demons to pour forth and devour our children
You can use a little thing called robots.txt - look it up here or here if you don't know what it is.
/image
Allows really useful features like marking given directories, pages, or files off-limits to a specific robot or all robots in general. Boy... a technical solution to a technical problem instead of a new round of lawsuits?
Quickie examples (this is SO simple folks):
User-agent: *
Disallow: /
Boom! No more google telling that horrible world of pirates and thieves about your site. Not many visitors either though....
So maybe you want to exclude just googlebot from your images and image directory with the following:
User-agent: googlebot
Disallow:
This will still allow your main pages to be indexed according to your meta keywords, but will disallow any 'napsterization'. Of course since it requires people running sites to do work and understand technology lots of people will probably decided lawsuits are easier.
Robots.txt DOES require you to run your own domain. If you don't, try using meta tags in the head of the html code for a similar effect, but it is harder to implement (must be on each page rather than site wide) and less supported. Info here.
If you spend that much time on the images... spend 5 minutes making a robots.txt file to indicate you don't want them taken by bots. But always consider anything you put on the net as published, if something's private don't put it on the net.
Allows really useful features like marking given directories, pages, or files off-limits to a specific robot or all robots in general. Boy... a technical solution to a technical problem? Who'd a thunk it?
Quickie examples (this is SO simple folks):
User-agent: *
Disallow: /
Boom! No more google telling that horrible world of pirates and thieves about your site. Not many visitors either though....
So maybe you want to exclude just googlebot from your images and image directory with the following:
User-agent: googlebot
Disallow:
If you want to do this for multiple directories, you add on more Disallow lines:
User-agent: *
Disallow:
Disallow:
Now if you put
in your code to show up high on the search engines, you shouldn't be surprised or upset when you SHOW UP HIGH ON THE SEARCH ENGINES.
Not all robots follow the robots.txt standard, and there's no way of forcing them too. But google does, and that seems to be the big concern here.
A real life example, slashdot's robot.txt file (at slashdot.org/robots.txt):
Once it is downloaded, WHY would i want it to leave memory?
:)
What advantage is there in scrolling fast, if you can only scroll fast in low res?
Sorry, i prefer downloading a file rather than 'streaming' this jpg to me, a one time wait is worth it.
I REALLYYYYY hope that your app doesn't expect users to be 'logical', cater to user's actual desires, not what you think would be logical. The solution to my download problem to me is obvious, a T3.
Just my thought. Actually common sense would say "It's just a movie, relax and enjoy the ride". And I do, but I'm also intrigued by the themes of 'unreality' raised by Matrix, Dark City, 13th Floor, Existenz, and others of that genre.
Since the theme of the whole movie seemed to be 'The world is so f***ed up it has to be fake" I just carried that thought to another level, the level of 'reality' revealed by the plot of the movie. Not saying that it is 'literal truth' (if such a term has any meaning in a literary work), just that I thought it was a neat lens to view the story through, and that it could add another level to the themes and issues raised in the movie. I've always been of the rather post-modern view that the audience's reading of and participation in the telling of the story was just as valid as the author's intention.
The test of a good movie, to me, is when I've seen it 100 times, and then watch it again and come up with a new theory that suddenly re-explains everything. Like when I finally understood the Madonna conversation at the beginning of Reservoir Dogs (metaphor for whole movie, acting like first time thieves gets them hurt).
My latest - The movie says that it is the first half of the movie that takes place in a 'fake' world. And we buy into it. Look deeper. The evidence is flimsy. In fact, it is more elegant if the second half of the movie takes place in a fake world. The tech that creates a fake world could create either. But wouldn't it be easier to make one sub and a little surroundings versus the entire world? Think about it. Neo lives a boring life in our boring world, then he meets these weird people, takes a pill, weird shit happens, they strap him into a vr chair, and boom, the whole second half of the movie is imaginary. Boring programmer vs. the savior of the world, which is more likely?
Matrix isn't a standalone movie, with sequels being tacked on. It's the first in what was always planned to be a trilogy.
Yes Dorothy, the Matrix was just the boring intro leading up to the real meat of the story. Worth the wait I'm sure.